General Data Protection Regulation adopted – sanctions for businesses and managers on the horizon
Today, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) has been adopted (text in: EUR-Lex).
The Regulation provides for an EU-wide consistent and uniform application of legal provisions on the protection of the fundamental rights and freedoms of natural persons with regard to the processing of personal data. In order to ensure that the new law can be enforced effectively, it provides for, among other things, administrative fines to be imposed by national supervisory authorities for violations of the Reregulation. the
According to the general rules of administrative fines, they can be imposed on enterprises as well as on natural persons who perform the duties of a controller or processor. The amount of such fines depends on the category of infringement, provided that the maximum fine is EUR 10,000,000 or 4% of the undertaking’s total worldwide annual turnover of the preceding financial year.
The Regulation will become effective as from 25 May 2018. Therefore, those to who it is addressed should, by that time, not only become familiar with the new regulation, but also – in the context of the new system of penalties (which is to be laid down in more detail by the national law) – to take actions necessary to ensure that their practices comply with the Regulation.